====== How To Configure SSL For LSWS Web Admin GUI ======
**As of LiteSpeed Web Server v5.2, self-signed SSL certificates are automatically created for the Web Admin GUI.** 

The following instructions are useful if an older version of LSWS is being used, a different self-signed certificate is wanted, or a non-self-signed certificate is needed.

===== Install/Change Certificates =====
==== LSWS 5.2+ ====
LSWS reads the following files for its WebAdmin SSL configuration:
  * Certificate File: ''/usr/local/lsws/admin/conf/cert/admin.crt''
  * Key File: ''/usr/local/lsws/admin/conf/cert/admin.key''
  * CABundle: ''/usr/local/lsws/admin/conf/cert/admin.cabundle''

This configuration can be changed at any time by replacing these files directly.\\
Make sure the files are owned by ''lsadm:lsadm''. This can be achieved by running the following command:
<code>
chown -R lsadm:lsadm /usr/local/lsws/admin/conf/cert/*
</code>
Perform a graceful restart after making any changes. The changes will be applied, and Web Admin GUI will begin using the newly-supplied certificate. 

==== All Versions ====
The following will work for all versions of LSWS via the Web Admin GUI.
  - Log in to the Web Admin GUI and navigate to **Web Console > Listeners**.
  - Click **View/Edit** for the ''adminListener''\\ \\ {{ :litespeed_wiki:config:admin-ssl-1.png?nolink&800 |}}
  - In the **General** tab, click **Edit** and change **Secure** from ''No'' to ''Yes''. Then hit **Save**.\\ \\ {{ :litespeed_wiki:config:admin-ssl-3.png?nolink&800 |}} \\
  - Click on the **SSL** tab, hit **Edit** under the **SSL Private Key & Certificate** section, and add the following:
    * **Private Key File:** ''</path/to/ssl/key_file>''
    * **Certificate File:** ''</path/to/ssl/cert_file>''
    * **Chained Certificate:** ''Yes''
    * **CA Certificate File:** ''</path/to/ssl/ca_bundle>''\\ \\ **Note:** Make sure that these files can be read by ''lsadm''. If not, run ''chown lsadm:lsadm'' on each file so that the Web Admin GUI can read these files. \\ \\ {{ :litespeed_wiki:config:admin-ssl-4.png?nolink&800 |}} \\
  - Save and perform  a Graceful Restart of the web server. The Web Admin GUI should now be using the non-self-signed certificate.\\ \\ {{ :litespeed_wiki:config:brotli:brotli-5.png?nolink&800 |}} \\ {{ :litespeed_wiki:config:brotli:brotli-6.png?nolink&800 |}}